The Healthcare vertical has seen 39% of insider threats prominently in breaches, according to Verizon's Data Breach Investigation Report DBIR 2022. Though, you may ask, what insider threats? Unfortunately, employees are still the cause of breaches, not particularly for malicious misuse of their access but for miscellaneous errors driving the incidents and their effects on business-critical systems, causing immeasurable financial and reputational damage.
Let's look at some stats of data compromised from Verizon's DBIR 2022 healthcare report.
- Personal (58%)
- Medical (46%)
- Credentials (29%)
- Other Breaches (29%)
The most significant, damaging, and prevalent business threat is phishing scams. Phishing accounts for 90% of all security breaches companies face, with a 65% increase last year and more than $12 billion in lost business.
- Phishing attacks occur when attackers pose as trusted contacts and lure users into clicking malicious links, downloading malicious files, or giving them access to sensitive information, account details, or credentials.
How can we mitigate the above threats? The short answer is applying cybersecurity policies from a top-down approach, leading efforts by senior management to the workforce members, and implementing rigorous cybersecurity safeguards and awareness initiatives. A few examples are:
- Cybersecurity Awareness Training Videos focusing on Phishing Attacks, Smishing, and Social Engineering
- Quarterly Phishing Simulation Attacks
- Monthly Cybersecurity Awareness Newsletters
Through creating a culture of cybersecurity vigilance, together we can help combat potential cyber-attacks to the healthcare industry.
Author:
Miguel Urrutia
Chief Information Security Officer - Linical